There are two reasons you might think your account has been hacked.
Players' accounts were being targeted while they were playing Roblox, and many of the players failed to save their accounts, which resulted in their accounts being disabled. When the hackers get in, they enter the Roblox game and wreak havoc.
You may have received a message from Microsoft that says, “Help us secure your account”. That means we have seen some activity on your account that is out of the ordinary enough for us to take measures to lock down your account until you can take action.
You have seen activity such as unauthorized charges, spam being sent to your contact list, unrecognized names in your file sharing, etc.
If neither of those sounds like your situation, please visit When you can’t sign in to your Microsoft account.
Follow these steps in order to help you take back control of your Microsoft account.
Note: Xbox customers will find a solution customized to the way you interact with your console and account on Xbox Compromised Account Solution.
1. Change your Microsoft account password
The first thing you’ll want to do to protect your account is to change your password.
Go to Recover your account and type in the email address, phone number, or Skype name you use to sign in. Then select Next.
We'll ask where you'd like to get your security code. Select Next.
Type the requested information and select Send code.
Type the security code into Verify your identity, then select Next.
Type in your New password. Then confirm it by typing it again into the Re-enter password field.
If you are unable to change your password using a security code to your contact information, complete the recovery form. Here are some tips you can use to fill out the form.
Note: For the protection of your account, we have strict policies on how our advocates can help you with your account. Microsoft Support advocates are not able to reset your password, provide account information without proper validation, or make any changes to your account security on your behalf. Only you can reset your password and make security changes to your account.
Steps to take if I can't verify that I own the account
We recommend that you try again, up to two times per day. You may find more information or have remembered something that will help.
You can always create a new account if you’re having trouble with the recovery request and try again later when you remember something new that might help.
2. Check sign-in activity for sign-ins that weren’t you
After signing in, you’ll want to review the recent activity on your account. If you see any account activity that looks unfamiliar, select This wasn’t me, and we’ll help you change your password if you haven’t already done so.
Note: Location is based on IP address and is approximate to protect your privacy. Look for consistency rather than exactness of location.
Go to Security > Sign-in activity > View my activity
Because of the sensitivity of this information, we’ll need to verify your identity with a security code. On the Protect your account screen, select the method by which you’d like to receive this code, then select Send code.
On the Enter code screen, enter the security code you receive.
Review the recent sign-in activity on your account. If you see any successful sign-in that you do not recognize, run a scan with your security software and remove any malware you find. Then change your password again.
3. Review your Microsoft account settings
Check Security Contact Info: Remove any security contact information the attacker might have added.
On the Security basics page, select the Update info button. If you're not already signed in to your Microsoft account, you'll be prompted to sign in.
You may be asked to enter a verification code to continue. If you don't have access to your alternate email or phone number, choose I don't have any of these and follow the instructions to replace your security info.
You'll see your security info under Security settings. Choose Remove for any you want to remove. You may be asked to add new security info before you can remove the old info.
Update Outlook.com email settings: Sometimes attackers change your email settings so that they receive emails you send out, or they set up automatic replies for emails you receive. Because this is so common, Microsoft will reset these settings to the default options if we think your account was compromised.
Sign in to Outlook.com
Select the settings icon, then View all settings.
Review the following settings and remove any unfamiliar addresses or information that might have been added:
Remove OneDrive Sharing: Make sure an attacker didn’t give himself access to your files.
Sign in to OneDrive.
Select Shared on the left menu under OneDrive.
Review the folders and files that you're sharing to see if any have been added or removed.
Review Order History: Review Order history for unrecognized charges.
If you see charges you don’t remember making, check your apps and downloaded content to make sure someone in your family didn’t make the purchase.
If you do determine that the charge isn’t yours, see What to do about unexpected charges from Microsoft.
4. Protect your other online accounts
If an attacker had access to your username and password, they may have access to any other accounts where you used that account. Just to be safe, you should change your passwords on those other sites as well.
5. Protect your Microsoft account for the future
Take a look at our tips in Help protect your Microsoft account. We especially recommend you take a look at our Do’s and Don’ts for creating a strong password, and that you consider using two-step verification and the Microsoft Authenticator app to help strengthen your account security and to sign in without passwords.
Adding additional security contact info can make it easier to recover your account if someone else takes control of it, or you forget your password. We never use your security contact info for marketing purposes—it’s only to verify your identity.
As our whole life moves online, the number of white-hat and black-hat hackers is increasing. Many of you, or someone you know, may have had an account hacked at some point.
There are multiple ways a hacker could hack you, and one way to keep yourself secure is to know how hackers get passwords and the methods and software they generally use.
By knowing how hackers get into target accounts, you will be in a better situation to understand how you can possibly get hacked and how to increase your security.
How Do Hackers Get Your Passwords?
There are some common techniques that hackers use to hack your passwords.
One of them is phishing pages. A hacker will send a login page of Gmail or Facebook which looks exactly the same as the real Facebook or Gmail login page.
Most of the time they use social engineering, sending a message that says, “This person has posted your bad picture on Facebook, click here to check your photo”. Once you click on the link, you will be taken to the login page and as soon as you enter your password, it will be available to the hacker.
Most of the time, the victim doesn’t even realize that the password is gone.
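A fake login page can copy the real one pixel for pixel, but it cannot copy the host name in the address bar. The following is an added example, not code from the original article: it checks the links in a message against the genuine sign-in hosts before you type a password. The host list, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the genuine sign-in hosts for the two services the article names.
TRUSTED_LOGIN_HOSTS = ("accounts.google.com", "www.facebook.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def check_login_link(url):
    """Return (ok, reason) for a link that claims to lead to a login page."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if has_userinfo:
        # https://www.facebook.com@203.0.113.7/ really goes to 203.0.113.7
        return False, "text before '@' is not the host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible lookalike letters"
    if host in TRUSTED_LOGIN_HOSTS:
        return True, "exact match for a trusted login host"
    for trusted in TRUSTED_LOGIN_HOSTS:
        brand = trusted.split(".")[-2]  # "google", "facebook"
        if brand in host:
            return False, f"contains '{brand}' but is not {trusted}"
    return False, "unknown host"


def suspicious_links(message):
    """Return [(url, reason)] for each link in a message that fails the check."""
    flagged = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,)")
        ok, reason = check_login_link(url)
        if not ok:
            flagged.append((url, reason))
    return flagged


# Constructed sample modelled on the lure quoted above; the host is made up.
SAMPLE = ("This person has posted your bad picture on Facebook, click here to "
          "check your photo: https://www.facebook.com.photo-check.example/login.php")

if __name__ == "__main__":
    for link, why in suspicious_links(SAMPLE):
        print(f"DO NOT SIGN IN: {link} ({why})")
```

Only an exact host match passes; a trusted name that appears as a subdomain, before an "@", or spelled with lookalike letters is rejected.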
Hackers hack accounts and passwords for various reasons. Some of them hack just to show their skills off while some get into hacking for profits.
Many of them will use your email account to send spam links to your contact list or use your Facebook account to send spam application links.
The major problem arises when hackers get hold of your private and sensitive data. Like I mentioned above, there are many other methods being used by hackers to hack passwords or email access.
1. Keyloggers
This is one of the basic tools used for getting your passwords. A keylogger resides in your system memory and runs at every startup. It logs all your keystrokes.
A log is created and then sent to the hacker. One of the most famous is the Ardamax Keylogger. It can be customized to not be shown in “Processes” (Windows Task Manager).
I suggest you start using an online virtual keyboard when typing passwords for sensitive sites like your bank account, email and PayPal account. You can also use a password manager like Dashlane, which auto-fills the login data so that no keystrokes are logged.
2. RAT
RAT stands for Remote Administration Tool. With RAT, a hacker can connect to your PC without your knowledge. The hacker can see your screen and also see the sites you surf. It also has the built-in functionality of keylogger.
The hacker can copy files from your hard disk to their own computer, all without your knowledge.
A good example of RAT is Poison Ivy. It can be customized to connect to your PC on a particular port number specified while creating the RAT.
3. Trojan Horses
These are the most common types of malware. Trojans spread through warez sites mostly.
When you download from warez sites, all the keygens and patches and even the original trial programs are infected with a trojan.
This means you will get the software for free, but your computer will be affected with a trojan horse.
When you run the patch/keygen, you’ll get the desired output, but in the background, your system gets infected with the trojan.
Turkojan is a famous Trojan horse. A trojan is far superior to keyloggers or RATs: it provides much more functionality, so the hacker has greater access to your PC.
These days, Android phones are the most vulnerable to trojan horses, a.k.a. backdoors. Hackers will persuade you to install an APK file, which will then install a backdoor APK.
This is why you should never install .apk files from untrusted sources. We will talk more about how to safeguard yourself in future articles.
There are many other methods a hacker can use. For example, if you are connected to the internet on a LAN that shares the same router, a hacker can use a packet sniffer and base decoder to read all sensitive data being transmitted from your computer. Cain and Abel is one such sniffer, but there are many more.
That’s one reason why I always encourage secure browsing whenever possible. Most sites, like Facebook, give an option to use the https login, which encrypts your data. In such cases, even if the hacker uses the sniffer to capture your data, decoding passwords will not be easy.
Brute forcing is another common method, but with technology advancement, most email and web login forms come with features that can handle such attacks.
How to protect yourself from hacking:
- Install a good, licensed anti-virus. I suggest you go for Kaspersky. It’s the best anti-virus out there.
- Always have your Windows Firewall turned on.
- Encrypt your data.
- Start using a password manager like Dashlane or any other.
- Activate 2FA for all the services you use.
- If you are paranoid just like me, start using hardware-based security such as Yubikey.
- Never ever trust warez sites. There is a lot of malware flowing out there.
- Never auto-play a pen drive. The malware automatically gets installed on your PC.
- Don’t run attachments from emails unless you are certain about the source.
- If you want to run .exe files safely, run them sandboxed. A free application Sandboxie is available for this purpose.
- If you feel you’re infected, format your PC/Mobile phone immediately. No anti-virus can remove a Trojan horse from your PC. It’s very difficult to remove a trojan from an infected PC.
- Do a security audit every quarter or half yearly, depending on your need.
Well, to be safe, you have to take preventive methods and make sure you enable all security features offered by the web app you are using. I hope this article helps you to understand how hackers hack so that you can take all preventive measures to keep your passwords safe.